[NEWS] Cisco Clean Access File Upload Authentication Bypass
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 19 Dec 2005 10:25:40 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Cisco Clean Access File Upload Authentication Bypass
------------------------------------------------------------------------
SUMMARY
" <http://www.cisco.com/en/US/products/ps6128/index.html> Cisco Clean
Access (NAC Appliance) is an easily deployed Network Admission Control
(NAC) solution that can automatically detect, isolate, and clean infected
or vulnerable devices that attempt to access your network - regardless of
the access method. "
Cisco Clean Access does not validate user authentication, allowing
attackers to upload any file they wish to the server, and even cause a DoS
by filling up all the storage space.
DETAILS
Vulnerable Systems:
* Cisco Clean Access version 3.5.5
A user without a username or password can upload files to a web visible
folder using the pages: /admin/uploadclient.jsp, apply_firmware_action.jsp
or file.jsp. The user could also fill up the drive as it seems, aside from
/boot, the rest of the drive is one big partition. Filling up the drive
would most definitely cause the system to lock up in its current
configuration.
ADDITIONAL INFORMATION
The information has been provided by <mailto:alex@xxxxxx> Alex.
The original article can be found at:
<http://www.awarenetwork.org/forum/viewtopic.php?p=2236>
http://www.awarenetwork.org/forum/viewtopic.php?p=2236
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [TOOL] Intestinal Worm - Back Door Tool
- Next by Date: [EXPL] Oracle XDB HTTP PASS Overflow (Metasploit exploit)
- Previous by thread: [TOOL] Intestinal Worm - Back Door Tool
- Next by thread: [EXPL] Oracle XDB HTTP PASS Overflow (Metasploit exploit)
- Index(es):
Relevant Pages
- [NEWS] Multiple Vulnerabilities in Cisco Clean Access
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Multiple Vulnerabilities in Cisco
Clean Access ... Cisco Clean Access Server (CAS) devices that work in tandem. ...
Due to this vulnerability the shared secret can not be properly set ... (Securiteam) - [UNIX] MAXdev MD-Pro Multiple Vulnerabilities (Code Execution, Path Disclosure and CSS)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Type of files you can execute
depends on server configuration should be ... better to set which type of files a user CAN upload.
... (Securiteam) - [NT] Cisco Clean Access Authentication Bypass
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... attackers can bypass Cisco
Clean Access ... * Cisco Clean Access Agent version 3.5.4 ... In no event shall
we be liable for any damages whatsoever including direct, indirect, incidental, consequential,
loss of business profits or special damages. ... (Securiteam) - [NT] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Collaboration Server is
"a full-featured and integrated mail and instant ... attachment upload feature that may
be exploited to upload files to ... * DeskNow Mail and Collaboration Server version 2.5.12
and prior ... (Securiteam) - [UNIX] LightBlog Arbitrary File Upload Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... LightBlog Arbitrary File Upload
Vulnerability ... (Securiteam)
